
Design and Performance Analysis of Security Network Management Architecture for Auto-managing Security Systems  

Ahn Gae-Il (Network Security Research Division, Electronics and Telecommunications Research Institute)
Abstract
This paper proposes an architecture and methods of security network management for auto-configuration of security systems, extending the existing policy-based network management architecture. The proposed architecture and methods enable a security management server to automatically decide the best-suited security policy to apply to a security system, and the most effective and efficient security system to carry out a security policy rule, based on the role and capability information of security systems and the role and time information of security policies. For integrated control of network systems and security systems, this paper also proposes an SNMP-based security network topology map generator. To demonstrate the merits of the proposed architecture and methods, we simulate and evaluate the automatic response against attacks.
Keywords
Security network management; Security system; Automation; Topology map generator;